Organisations need to think strategically about doing business in a digital world to ensure they focus on the right things in projects, programmes and transformations, according to Chris Verdonck, partner, risk advisory, Deloitte Belgium.
“This is important because we live in an increasingly connected society and economy, and we need to reflect on how we approach this complex environment much more than we are used to doing,” he told EEMA’s ISSE 2017 conference in Brussels.
Security is also an important consideration, he said, because there is a whole range of things organisations have to do to protect themselves from all the things threatening trust and digital identity, among other things.
“We have to think about things to do with applications, infrastructure, identity, privacy and many other domains, as we execute on our strategies in response to the environment in which we all operate today,” said Verdonck.
The next thing to consider, he said, is the need to be vigilant. “This means when an incident occurs, we need to know instantly what happened, what the impact is and how we need to respond.
“For many organisations, vigilance is a new dimension, and for organisations which have complex environments, vigilance is consequently a complex domain, but a sense of urgency is important for all of us as we operate in our specific environments.”
Finally, said Verdonck, when something happens, organisations need to be resilient and able to understand the extent of the event and how to restore normal business operations as quickly as possible.
“Resilience is an important element that we have to take into account because, according to the Wall Street Journal, there were a record 791 serious breaches in the US in the first six months of 2017, which is about four a day, including Saturdays and Sundays,” he said.
According to the report, cyber threats have risen to the top of chief executives’ worry lists because a data breach could cost them their jobs and take down their businesses.
The fallout of attacks on companies such as Target, Yahoo and Equifax, the WSJ said, has thrust more corporate bosses to the frontline of cyber security issues and changed the way they work.
“We should not think a cyber breach is something that only happens to others,” said Verdonck. “They can happen to all of us, and we need to take that fully into account.”
A poll of information and security professionals published in November 2017 revealed businesses are nowhere near prepared enough for a cyber attack.
Some 600 UK and US cyber professionals, polled as part of RedSeal’s second annual Resilience Report, identified four key areas of concern which, unless addressed quickly, they believe will expose businesses to significant cyber threats.
First, the complex threat landscape that is outpacing security teams’ capabilities. Second, a lack of preparation is pervasive, with only 25% of respondents’ organisations testing their cyber security response to a major incident annually. Third, a dangerous gap between perceived and true detection times.
Finally, the poll revealed that in many cases compliance and not strategy is driving security planning, with 97% of respondents reporting that external regulations play a major role in their cyber security and resilience planning and implementation.
“The poll underscores the urgency for the leaders of cyber strategy to pivot and aggressively pursue resilience, the ability to maintain business as usual while navigating an attack, as the new gold standard. Being prepared is the best defence,” said Ray Rothrock, CEO and chairman of RedSeal.
Asked what the most urgent call to action would be, Rothrock said operational resilience – proactively managing through a crisis – is the new gold standard overall.
“On the cyber front, digital resilience – the ability to contain the bad guys when they’re inside your network, and protect high-value assets such as customer data and content from exfiltration – will protect your networks and vital financial assets,” he said.